Editorial: Facebook took a half step toward protecting user privacy

If you didn’t read past the headline of Mark Zuckerberg’s 3,200-word blog post Wednesday — “A Privacy-Focused Vision for Social Networking” — you might think that the Facebook chief executive had decided to stop making bank off of the reams of personal information extracted from the social media network’s users.

You would be wrong. Facebook, which earned $16.6 billion from targeted ad sales in the fourth quarter of 2018, is not changing a thing about its flagship social network.

Instead, Zuckerberg’s announcement was mainly a reiteration of something we already knew, with one significant twist. The old news: Facebook plans to more tightly integrate Instagram, the photo-sharing site it bought in 2012, and WhatsApp, the chat app it acquired in 2014, with its Messenger instant-messaging service so that groups of users will be able to communicate privately and seamlessly across all those products. The new news: Facebook will encrypt all communications on that set of networks from end to end — that is, from the sender to the receiver.

To be clear, Facebook users already can create private groups of friends on the site and on Messenger. They just can’t keep their activity private from Facebook and, by extension, from the advertisers it empowered. By adding the encryption that’s already part of WhatsApp to Instagram and Messenger, Facebook is essentially blinding itself to its users’ activities there and giving them true privacy.

That’s a good thing as far as it goes, but again, the main Facebook social network will continue as is, hoovering up personal information and monetizing it. How many of Facebook’s 2.3 billion monthly users will shift to the new “privacy-focused” approach, which is not expected to roll out for some time, remains to be seen.

Enter the Fray: First takes on the news of the minute »

Zuckerberg acknowledged one downside of the plan: Encryption also protects “the privacy of people doing bad things” (for example, terrorist cells plotting attacks) and he said the company was working on ways to detect bad actors through patterns of activity and other means. The implication was that the company, like Apple, would refuse to give governments a virtual back door to decrypt users’ communications, which is a welcome stance. Encryption also protects innocent people from the powerful forces that seek to silence them or steal their data, whether it be dissidents criticizing an authoritarian regime, whistleblowers anonymously exposing malfeasance or everyday Americans trying to keep sensitive information away from hackers.

Granted, Facebook has less-than-altruistic reasons for its new initiative. Privacy regulators have been scrutinizing the company for years, applying increasingly tough limits on collecting and sharing user data. Governments are pressuring the company to find and remove false, harmful or (in some countries) dissident content; by encrypting some of its users’ communications, Facebook will be able to fend off such requests. By integrating its units more tightly together, it may hope to deter critics who want to break the company apart for antitrust reasons. Meanwhile, younger generations of users have bypassed Facebook in favor of services with more privacy protections, such as Snapchat.

Regardless of Facebook’s motives, though, creating a fully encrypted offshoot is a pretty bold step for a business that capitalizes on its users’ personal information. Perhaps Facebook, which has been a model for how not to respect users’ privacy, can now show other major internet companies that it’s possible to survive without data-mining one’s customers.

Follow the Opinion section on Twitter @latimesopinionand Facebook